It is well understood by enterprises that a cyberattack isn’t a matter of “if,” it is a matter of, “when.” Since the dawn of the internet, cybersecurity has largely focused on threat prevention, but with cyberattacks continuing to grow in both frequency and sophistication, there is a renewed emphasis on incident response and remediation. This is especially true as enterprises increasingly migrate to the cloud.
“Incident Response has traditionally been offered as a professional service. It wasn’t scalable, or efficient,” says Tal Mozes, CEO and Co-founder of Mitiga. “This isn’t a good fit for the modern enterprise, where organizations look to scale quickly, and the cloud adds a new dynamic that can complicate security.”
Consistent with our customers’ priority, ‘Investigation and Response’ continues to be a key theme within Cisco Investments’ cybersecurity strategy. We are excited about adding Mitiga to our cohort of investments focused on solidifying response posture.
Cloud Investigation and Response Automation
Mitiga is a cloud and SaaS Incident Response start-up, who developed a comprehensive Cloud Investigation and Response Automation (CIRA) platform. The platform hunts for emerging attacks, based on a cloud attack scenario library, and provides instant answers to breach-related questions by proactively gathering, organizing, and analyzing forensic-level data.
It is a platform that Mozes says is needed in the modern enterprise.
“You can’t be reactive in the cloud any longer,” he explains. “To build resiliency in the cloud, you have to understand what forensics data is needed for an investigation, and how to collect it, leverage it, and properly store it for when it is needed. Many modern enterprises don’t do this. That is the gap we are filling.”
Addressing Market Needs
It is a gap that security leaders are looking to fill. Cisco Investments recently worked with three other VC firms in creating the 2023 CISO Survival Guide. As part of the process, we spoke with 100 security leaders, three quarters of which said a lack of visibility in the cloud and a lack of investigation capabilities were two of their top technology challenges. New solutions to the market are addressing those challenges.
“The National Institute of Standards and Technology (NIST) defined the most used framework for cybersecurity to include Identify, Detect, Protect, Response and Recover. A lot of resources and budget were dedicated to the first three, but not enough to Respond and Recover. This is not from a lack of awareness but mostly from a lack of options,” Mozes explains.
With Incident Response solutions like Mitiga, enterprises are able to cut down their response time from days, weeks or months to hours.
“We recently had a customer exposed to ransomware, where the attacker asked for millions of dollars to not expose breached customer data,” Mozes says. “Within minutes we identified what data was breached, how it was breached, and how old the data was. Traditional cloud security tools couldn’t have done this.”
Investing in startups, like Mitiga, helps bring these solutions to the market. Exploring use cases for these technologies with our existing suite of security solutions could help customers develop a more holistic approach to their cybersecurity posture.
What’s next?
Even as novel solutions like Mitiga hit the market, enterprises continue to innovate and look for even more dynamic solutions. To that end, Mitiga is looking to artificial intelligence to build a self-learning architecture.
“This kind of platform would learn from all of our customers, and create a network where data gathered from a threat for one customer could be used to identify a threat for another,” Mozes says. “Ultimately, we’re creating a significantly safer cloud environment.”